SSLv3 Fallback Protection "POODLE" vulnerability (CVE-2014-3566)
Version: OpenSSL 1.0.1, 1.0.0, 0.9.8
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.
OpenSSL Description: "Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE."
All products using OpenSSL versions 1.0.1, 1.0.0, and 0.9.8 are impacted.
For Filr 1.1.0, the patch is called 'Filr 1.1 - Security Update 1' and uses the new UI-based patch deployment mechanism.
For Filr 1.0.1, the patch is called 'Filr - Security Update 3' and is distributed the same way as earlier patches.
There is no patch release for Filr 1.0.0.
Status: Reported to Engineering